We were unimpressed by GFI LanGuard 2014’smobile-device-auditing features, but the latest R2 update remedies this – and then some. In addition to having the ability to run agentless vulnerability scans on iOS, Android and Windows Phone devices linked to Microsoft Exchange, it can now do the same for devices connected to Office 365, Google Appsfor Business and Apple Profile Manager.

Along with vulnerability assessment, patch management and auditing for Windows and Linux endpoints, LanGuard has improved the visibility of network devices. Support for Cisco and HP switches and routers, meanwhile, has been enhanced to include HP/3Com, Dell/SonicWALL, Juniper, IBM, Netgear and D-Link.

We deployed the LanGuard agent to our Active Directory (AD)domain members and found it simple to place them into groups, each with their own scan schedules. The console’s Remediation Center shows clearly what state all systems are in; Windows updates and patches can be pushed out manually or left to LanGuard’s auto-remediation service.

Network devices are added to the console by entering their IP addresses. We tested with HP ProCurve 2848 and 2626-PWR switches and LanGuard correctly identified what was running on them. Also included is support for a range of cloud services.

LanGuard uses ActiveSync to discover all connected mobile devices and report back on their vulnerabilities; this feature now appears to be more accurate than before, correctly reporting our iPad as a Wi-Fi-only model instead of the cellular version. The console also now shows which AD security policy is assigned to each mobile device.

All in all, GFI LanGuard 2014 R2 is a solid update: it tightens up reporting from the previous version and neatly automates endpoint patch management and remediation.

Author: Dave Mitchell